package com.xyw.code.authentication.server.rest;

import com.xyw.code.authentication.server.service.IAuthenticationService;
import com.xyw.code.common.core.entity.vo.Result;
import io.swagger.annotations.*;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestHeader;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

import javax.servlet.http.HttpServletRequest;
import java.security.Principal;

/**
 * Created with IntelliJ IDEA.
 * User: xuyiwei
 * Date: 2020/4/22
 * Time: 下午3:08
 * Email: 1328312923@qq.com
 * Description: No Description
 **/
@RestController
@Api("auth")
@Slf4j
public class AuthenticationController {

    @Autowired
    private IAuthenticationService authenticationService;

    @ApiOperation(value = "权限验证", notes = "根据用户token，访问的url和method判断用户是否有权限访问")
    @ApiImplicitParams({
            @ApiImplicitParam(paramType = "query", name = "url", value = "访问的url", required = true, dataType = "string"),
            @ApiImplicitParam(paramType = "query", name = "method", value = "访问的method", required = true, dataType = "string")
    })
    @ApiResponses(@ApiResponse(code = 200, message = "处理成功", response = Result.class))
    @PostMapping(value = "/auth/permission")
    public Result decide(@RequestParam String url, @RequestParam String method, HttpServletRequest request ) {
        //使用url和method重写  因为这边调用都是post  后面方法正常用request接收就好
        boolean decide = authenticationService.decide(new HttpServletRequestAuthWrapper(request,url,method));
        return Result.success(decide);
    }
}
